BlogUrgent: Department of Homeland Security Issues Critical Security Warning!


Never mind if you’re a Check Point customer…

Friday April 12, The CERT Coordination Center (CERT/CC) with the US Department of Homeland Security (DHS), issued a warning of a newly discovered vulnerability affecting possibly hundreds of Virtual Private Network (VPN) applications. But if you’re a Check Point customer, carry on, nothing to see here…

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#192371 to get details of the affected VPN applications and the problem of insecure storing of session cookies in memory and/or log files. Organizations face the risk of attackers exploiting this vulnerability to take control of an affected system.

Check Point VPN customers are not affected because of their advanced, market-leading network security architecture. Check Point’s IPsec and SSL VPNs offer a number of market-leading network security capabilities that add safety and convenience for your remote access users, including:

  • Threat prevention
  • Incident analysis
  • Access control
  • Data security
  • Compliance checking
  • Multi-factor authentication

Customers using other VPNs should consult with their vendor. To help you assess your specific situation, we’ve formed a special VPN task force team to discuss your available options, including a quick migration to Check Point technology. Interested customers should contact our Incident Response team at

About the Author

Mark Teter, Corporate Technologist

Mark Teter, Corporate Technologist

In his role, Mark is responsible for the strategic direction of ASG’s emerging technology offerings and advancing the deployment of present-day hybrid cloud solutions for our customers. Mark has served as Faculty Staff Member at Colorado State University and has written over 50 white papers on subjects including Data Center Ethernet, Linux and Open Source, Storage Area Networks and Computer Virtualization. He published Paradigm Shift in 2006, a book on emerging technologies. He is a Google Certified Professional Cloud Architect.